package com.ruoyi.yf.tool;/**
 * Created by XiaoYi  on 2020-03-26 15:01
 */

import cn.hutool.core.lang.Console;
import com.ruoyi.common.annotation.Log;

import java.util.Date;
import java.util.Locale;
import java.util.Objects;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

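/**
 * XiaoYi...
 * SQL filter: rejects a statement whose {@code from} clause names a table outside the
 * {@code yf_} prefix.
 * bc17ce92-37f5-42d3-bd36-782f2078e4e1
 *
 * <p>This is a textual prefix check on table references, not a substitute for parameterized
 * queries. Only the text between {@code from} and the next {@code where}/{@code group}/{@code ;}
 * or end of input is examined; tables introduced elsewhere in the statement (for example through
 * {@code join}) are not inspected by this pattern.
 */
public class FilterSql {

    /**
     * Text following a {@code from} keyword up to the nearest {@code where}, {@code group},
     * {@code ;} or end of input. One combined lookahead is used on purpose: an ordered alternation
     * (trying {@code where}, then {@code group}, then {@code ;}, then end) lets the lazy match run
     * past a {@code ;} or {@code group} to a later {@code where}, so the tables in between would
     * never be split out and checked.
     */
    private static final Pattern FROM_CLAUSE =
            Pattern.compile("(?<=from)[\\s\\S]*?(?=where|group|;|$)");

    /** A table reference passes only if, after leading whitespace, it starts with {@code yf_}. */
    private static final Pattern ALLOWED_TABLE = Pattern.compile("^[\\s]*(yf_).*");

    /**
     * Checks that every comma-separated table reference in each {@code from} clause of
     * {@code sql} starts with {@code yf_}.
     *
     * <p>The statement is lower-cased before matching and the lower-cased text is what is
     * returned, so callers that execute the returned value get case-folded string literals as well.
     * Every outcome is written through {@link Console#log}.
     *
     * @param sql the statement to check; must not be null
     * @return the lower-cased statement when every checked table reference starts with
     *         {@code yf_}, or {@code null} when a reference outside that prefix is found
     * @throws NullPointerException if {@code sql} is null
     */
    @Log(title = "验证sql语句")
    public static String filter(String sql) {
        Objects.requireNonNull(sql, "sql");
        // Locale.ROOT keeps keyword matching independent of the JVM's default locale.
        String lowered = sql.toLowerCase(Locale.ROOT);
        Matcher fromClauses = FROM_CLAUSE.matcher(lowered);
        while (fromClauses.find()) {
            for (String tableRef : fromClauses.group(0).split(",")) {
                if (!ALLOWED_TABLE.matcher(tableRef).matches()) {
                    Console.log("防止sql语句注入检查发现异常sql： {}[{}] {}", false, tableRef, lowered);
                    return null;
                }
            }
        }
        Console.log("防止sql语句注入检查 [正常]：  [{}]", lowered.replace("\n", ""));
        return lowered;
    }

}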

